[Openid-specs-ab] A question about Userinfo endpoint

Brian Campbell bcampbell at pingidentity.com
Wed Feb 20 15:30:17 UTC 2013


Per
http://openid.bitbucket.org/openid-connect-messages-1_0.html#StandardClaims

"The sub (subject) Claim in the UserInfo Endpoint response MUST exactly
match the sub Claim in the ID Token, before using additional UserInfo
Endpoint Claims."


On Wed, Feb 20, 2013 at 8:27 AM, Nat Sakimura <sakimura at gmail.com> wrote:

> Hi. A question.
>
> In Messages, it is stated that:
>
> 2.3.  UserInfo Endpoint
>
> The UserInfo Endpoint is a Protected Resource that returns Claims about
> the authenticated End-User. Claims are represented by a JSON object that
> contains a collection of name and value pairs for the Claims.
>
> Does the UserInfo Endpoint only provide data for the authenticated End-User? Or is
> it a generic protected resource that returns whatever has been authorized
> at the authorization server? In other words, is the value of sub in the ID
> Token and the UserInfo response for the access token whose hash is in the
> ID Token the same?
>  --
> Nat Sakimura (=nat)
> Chairman, OpenID Foundation
> http://nat.sakimura.org/
> @_nat_en
>
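
The check from the quoted Standard Claims text, written out as a relying-party routine. This is an added example, not part of the original message or of the specification; `accept_userinfo` and `UserInfoRejected` are hypothetical names, the sample values are constructed, and the ID Token is assumed to have been validated already. It also covers the binding raised in the question: the access token hash (`at_hash`) carried in the ID Token, for a SHA-256 based signing algorithm.

```python
import base64
import hashlib


class UserInfoRejected(Exception):
    """The UserInfo response must not be used for this login."""


def at_hash(access_token: str) -> str:
    # at_hash for an ID Token signed with a SHA-256 based alg (e.g. RS256):
    # base64url, unpadded, of the left-most half of SHA-256(access token).
    digest = hashlib.sha256(access_token.encode("ascii")).digest()
    half = digest[: len(digest) // 2]
    return base64.urlsafe_b64encode(half).rstrip(b"=").decode("ascii")


def accept_userinfo(id_token_claims: dict, access_token: str, userinfo: dict) -> dict:
    """Return the UserInfo claims only if they describe the ID Token's subject.

    Assumption: id_token_claims come from an ID Token whose signature, iss,
    aud and exp were validated elsewhere; that is not repeated here.
    """
    bound = id_token_claims.get("at_hash")
    if bound is not None and bound != at_hash(access_token):
        raise UserInfoRejected("access token is not the one hashed into the ID Token")

    id_sub = id_token_claims.get("sub")
    ui_sub = userinfo.get("sub")
    if not isinstance(id_sub, str) or not id_sub:
        raise UserInfoRejected("ID Token has no usable sub")
    # Exact match: no case folding, trimming or Unicode normalisation.
    if not isinstance(ui_sub, str) or ui_sub != id_sub:
        raise UserInfoRejected("UserInfo sub does not match ID Token sub")
    return dict(userinfo)


if __name__ == "__main__":
    token = "constructed-access-token"  # constructed sample value
    id_claims = {"sub": "user-1234", "at_hash": at_hash(token)}
    print(accept_userinfo(id_claims, token, {"sub": "user-1234", "name": "Jane"}))
    try:
        accept_userinfo(id_claims, token, {"sub": "USER-1234", "name": "Mallory"})
    except UserInfoRejected as exc:
        print("rejected:", exc)
```

Rejecting on mismatch before any other claim is read keeps a UserInfo response issued for a different subject from being merged into the session established by the ID Token.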